[tor-relays] Reminder: If you are on 0.2.9.x, make sure you are running

Nick Mathewson nickm at torproject.org
Thu Feb 9 18:04:30 UTC 2017

Hi, awesome relay operators!

About two weeks ago, we put out, to fix a significant problem
in our build process that led to an easy remote crash attack:

  o Major bugfixes (security):
    - Downgrade the "-ftrapv" option from "always on" to "only on when
      --enable-expensive-hardening is provided." This hardening option,
      like others, can turn survivable bugs into crashes -- and having
      it on by default made a (relatively harmless) integer overflow bug
      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
      bugfix on

If you are on some earlier version of 0.2.9.x, it would be really
great if you could update your relay some time soon: I want to put out
a fix for the underlying bug here, but I'm hesitant to do so while
there are still 700 crashable relays on the network.

Also if you are on, you should upgrade to
or later, but there are only around 53 relays still on that version,
so I'm freaking out less about that.

best wishes and many thanks,

More information about the tor-relays mailing list